
Protecting the physical world from the digital realm

Rambus Press
2017-03-07T08:55:34+00:00

This entry was posted on Tuesday, March 7th, 2017.

Written by Asaf Ashkenazi

Industry estimates suggest the global cyber insurance business could reach approximately $20 billion by 2020. Currently, most cyber insurance policies cover damages related to data leaks, such as the inadvertent publication of SSNs, bank account or credit card numbers and patient medical history. Other cyber insurance policies offer compensation for ransomware payments.

The industry is also preparing itself for actual physical damage caused by cyber criminals. This is because Internet of Things (IoT) devices connect the physical world with the digital realm. Hijacked IoT devices and systems can potentially cause significant damage and are a huge liability if they remain unprotected. For example, in 2015, cyber criminals targeted a steel mill in Germany, manipulating and disrupting various control systems. According to Wired, a blast furnace in the mill could not be properly shut down, resulting in “massive” (though unspecified) damage.

Perhaps not surprisingly, Booz Allen Hamilton warns that the impact of cyber-attacks against Industrial Control Systems (ICS) could be devastating.

“Attacks can cause extended operational halts to production and physical damage and even jeopardize the safety of employees and customers,” the organization stated. “The attack surface for ICS is larger than just the ICS devices, equipment and networks: It extends to all parts of an organization, including the extended supply chain.”

One basic premise of any insurance policy is the ability to precisely assess risk versus potential damage. Clearly, the risk for cyber security insurance that covers physical damage caused by a cyber attack will be negatively affected by the extent of the attack vector. This vector is also represented by the number of connected endpoints and the physical damage each IoT endpoint can potentially cause if compromised.

Increased risk, incurred by unprotected endpoints, will inevitably result in higher policies, deductibles and other limitations that make cyber insurance all but unaffordable for many businesses. Moreover, insurance companies could potentially require proof of specific security measures taken by the policy owner to reduce the risk of attacks. In the future, insurance companies may also demand that their policy holders implement a certain level of security before coverage begins.

From our perspective, reducing the IoT attack surface starts with adequately protecting both services and endpoints. It is important to note that an attacker cannot compromise an endpoint without first establishing an unauthorized communication channel. An IoT security solution should therefore only allow legitimate, verified cloud services to ‘talk’ with each device by detecting and thwarting unauthorized communication attempts. In addition, IoT devices should be uniquely and cryptographically verified to determine if they are authorized to connect, thereby reducing the attack surface of the service by preventing remote attacker access directly or through malicious or compromised endpoints.

In conclusion, the industry must prepare for a new era in which IoT security solutions adequately protect the physical world from the digital realm.